Application No.: 10/788,417 

REMARKS 

The October 27, 2008 Office Action regarding the above-identified application has been 
carefully considered; and the concurrently filed Terminal Disclaimer together with the claim 
amendments above and the remarks that follow are presented in a bona fide effort to respond 
thereto and address all issues raised in that Action. The claims have been amended only to 
improve grammar. It is believed that the revised claim language does not narrow the scope of 
any amended claim. Care has been taken to avoid entry of new matter. For reasons discussed 
below, it is believed that this case is in condition for allowance. Prompt favorable 
reconsideration of this amended application is requested. 

The Examiner rejected claims 1 and 8 for non-statutory double patenting over claim 1 of 
U.S. Patent No. 7,080,251 to Fujishiro et al. (hereinafter the Fujishiro patent), in view of U.S. 
Patent No. 6,134,550 to Van Oorschot et al. (hereinafter Van Oorschot). Applicants are 
concurrently filing a Terminal Disclaimer to obviate this double patenting rejection over the 
Fujishiro patent. However, that filing should not be construed as any agreement by Applicants 
that the independent claims are not patentable over the claims of the Fujishiro patent alone or in 
combination with Van Oorschot. Withdrawal of the double patenting rejection is requested. 

Claims 1-14 were rejected under 35 U.S.C. §103(a) as unpatentable over U.S. Publication 
No. 2002/004630 to Fujishiro et al. (hereinafter the Fujishiro publication) in view of Van 
Oorschot. This rejection is traversed. 

The pending independent claims include steps for registering a partial path in the event 

that the path specified by the certification validation request is NOT registered in the database. 

In particular, each independent claim includes inter alia recitations as follow: 

step 6) if the checked path is not registered in the database as the 
valid path in step 4, searching a path that includes a partial path from the start 
certificate authority being the trust anchor to the end entity certificate issuing 
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authority which has issued the public key certificate of which certificate 
validation is requested and which is the end of the path, and that extends from 
the start certificate authority being the trust anchor to the end entity which is an 
issue destination of the public key certificate of which certificate validation is 
requested; 

step 7) in the searching step in step 6, if the path extending from the 
start certificate authority being the trust anchor to the end entity being the issue 
destination of the public key certificate of which certificate validation is 
requested is detected, validating the path that includes the partial path and 
extends from the start certificate authority being the trust anchor to the end 
entity being the issue destination of the public key certificate of which 
certificate validation is requested; 

step 8) judging the validity of the public key certificate of which 
certificate validation is requested based on the validation result in step 7 and 
outputting a result of the judgment; and 

step 9) registering the partial path included in the path validated in step 
7 into the database as a valid path. 

It is respectfully submitted that the Fujishiro publication does not provide these steps 
relating to partial path validation for a situation in which a checked path is not registered in the 
database as a valid path, and Van Oorschot does not make up for these distinctions. 

As discussed for example in the abstract, the Fujishiro publication discloses a technique 
for periodically searching for and verifying paths which extend from a bridge certification 
authority to individual terminal admitting certification authorities. In the publication, Fujishiro 
registers the paths whose verifications have held good, in a path database in association with the 
respective terminal admitting certification authorities. When there is a request for the 
authentication of the validity of a certificate, the system judges the subject certificate to be valid 
only when both the paths are registered. Sections of the Fujishiro publication cited in the 
rejection are consistent with the description in the abstract, that is to say, the disclosed technique 
judges the subject certificate to be valid only when both the paths are registered. 
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The Fujishiro publication does not meet claim requirements regarding performing a 
search in the event that the path is not in the database (step 6 of each independent claim) or any 
of the further processing recited in the independent claims that flow from that outcome (e.g. 
steps 7-9 of each independent claim). In that regard, it may be helpful to compare the process 
flow of the example of FIGS. 10 and 1 1 of the present application to the process flow disclosed 
by FIGS. 10 and 11 of Fujishiro, to exemplify this distinction. In particular, the process in the 
Fujishiro publication branches from the 'NO' decision in step S2002 in FIG. 10 directly to the 
step S2003 in FIG. 1 1 in which there is a notification to the requestor that the subject certificate 
is not valid. Because the Fujishiro publication only provides a notification of invalidity whenever 
the path is not in the database, the publication does not provide the search etc. that are performed 
after the 'NO' decision at step S2002 in FIG. 10 of the present application, in the event the path 
is not in the database. 

The latest rejection now acknowledges that Fujishiro does not disclose performing a 
search in the event that the path is not in the database and instead cites Van Oorschot. However, 
Van Oorschot does not make up for the above-noted differences over the Fujishiro publication. 
It is respectfully submitted that Van Oorschot would not teach one of skill in the art to perform a 
search in the event that the path is not in the database particularly in a manner that would in turn 
lead to the further processing recited in the independent claims that flow from that outcome (e.g. 
steps 7-9 of each independent claim). 

There are differences between Van Oorschot and the relevant portions of Applicants' 
claims 1 and 8. Van Oorschot constructs a preferred certificate chain, such as a list of all 
certificate authorities in a shortest trusted path, based on generated certificate chain data, 
allegedly to facilitate rapid validity determination of the certificate by a requesting unit 
(Abstract). In Van Oorschot, the certificate chain constructing unit 206 determines whether the 
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end of the chain has been reached as shown in block 604. If the end of the chain has not been 
reached, the certificate chain constructing unit obtains the associated table entry for the next link 
from the certificate chain data table 209 as shown in block 606. This link in the chain is then 
added to the previous link as shown in block 608, and the process continues until the end of the 
shortest chain is reached. Attention is directed to Column 10, lines 40-48. This essentially 
describes an iterative process for building the chain from data that is present in the table . 
However, Van Oorschot does not suggest or disclose a search process like that recited claim Step 
6 in which the process for obtaining and analyzing a public-key certificate based on the 
information provided by a request for a certificate validation is executed, and then, a path 
between a start CA and a specific end entity, including a partial path from a start CA to an end 
entity certificate issues CA, is searched , if the checked path is not yet registered in the database. 
In Van Oorschot, if no certificate chain data is stored in a relevant entry of the look up table, the 
client query processor returns a signal indicating that no trust chain is known corresponding to 
the query. Attention is directed to Column 10, lines 55-58. 

Moreover, according to the present independent claims, a path to be registered when it is 
detected by a search and the validity is authenticated, is not "a path from a start CA to an end 
entity," but is a partial path included in the path that is a partial path from a start CA to an end 
entity admitting certificate authority (end entity certificate issuing authority). This is a claim 
distinction that has not been disclosed by Van Oorschot or the Fujishiro publication. 

It should be apparent from the foregoing that the claimed search (step 6) in the event that 
the path is not in the database is different from the feature of Van Oorschot, wherein a chain data 
is added to a link when the end of the chain has not been reached (compare step 6 to column 10, 
lines 40-58, of Van Oorschot). 
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Van Oorschot describes that a link in the chain from a subscriber's CA to a target CA 
could be added to the chain as a way of connecting a path registered in the certificate chain data 
table 209 (see column 10, line 42-53). In contrast, the steps recited in the present independent 
claims may take into consideration any combination of CAs, which could cover broken chains 
between a start CA and an end entity certificate issuing authority and chains between a start CA 
and a target CA (not only the shortest chain). Compared with the claims, according to Van 
Oorschot, if a new CA is added after the database is created, a revised path including the 
information of the added new CA can not be made (chain construction fails if a relevant entry is 
absent from the table, column 10, lines 55-58). Thus, even if it is the case where the public key 
certificate could be validated once the path including the new CA is available, the validation of 
such a public key certificate would not be achieved by Van Oorschot because the entry for that 
CA is absent from the outdated table. 

It also should be apparent from the foregoing that the subsequent processing steps 7-9 
recited in the claims have not been disclosed or suggested by the cited references. It is submitted 
that neither of the documents cited in the art (103) rejection teaches Step 7, wherein if the path 
extending from the start CA being the trust anchor to the end entity being the issue destination of 
the public key certificate of which certificate validation is requested is detected, validating the 
path that includes the partial path and extends from the start certificate authority being the trust 
anthor to the end entity being the issue destination of the public key certificate of which 
certificate validation is requested. Similarly, the Fujishiro publication and Van Oorschot fail to 
specifically teach claim Step 8, wherein, judging the validity of the public key certificate of 
which certificate validation is requested based on the validation result in step 7 and outputting a 
result of the judgment. Furthermore, the Fujishiro publication and Van Oorschot fail to 
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specifically teach claim Step 9, wherein, registering the partial path included in the path 
validated in step 7 into the database as a valid path. 

Consequently, the inventions of claims 1 and 8 and the various dependent claims could 
not have been made by combination of the invention of the Fushiro publication and the teachings 
of Van Oorschot. 

The claimed subject matter (e.g. of claims 1 and 8) aims at solving problems such as one 
or more of those described below: 

i) The number of cases in which periodical search, authentication, or registration for 
path are not sufficient for public key certificate validation have been increased because of 
expanding number of certificate authorities (CAs) and resulting change(s) of the system 
configuration. 

ii) The number of cases in which the information of changes in the certificate 
authority configuration relating to newly established CAs or closed-down CAs has not been 
properly provided to a manager of a certificate validation server has increased, so that manual 
search, authentication, or registration for path can not be processed properly. This may lead the 
certificate validation server to create the wrong validation result. 

However, Van Oorschot does not recognize or solve any of these problems. It is 
respectfully submitted since Van Oorschot does not address such problems one of skill in the art 
would not see a reasonable basis to combine Van Oorschot with the Fushiro publication. Hence, 
in addition to not fully satisfying the independent claim requirements as outlined above, the 
combination of the Fushiro publication and Van Oorschot would not have been legally obvious. 

Upon entry of the above claim amendments, claims 1-14 remain active in this 
application, all of which should be patentable over the art applied in the Action. Applicants 
therefore submit that all of the claims are in condition for allowance. Accordingly, this case 

17 



Application No.: 10/788,417 

should now be ready to pass to issue; and Applicants respectfully request a prompt favorable 
reconsideration of this matter. 

It is believed that this response addresses all issues raised in the October 27, 2008 Office 
Action. However, if any further issue should arise that may be addressed in an interview or by 
an Examiner's amendment, it is requested that the Examiner telephone Applicants' 
representative at the number shown below. 

To the extent necessary, if any, a petition for an extension of time under 37 C.F.R. § 
1.136 is hereby made. Please charge any shortage in fees due in connection with the filing of 
this paper, including extension of time fees, to Deposit Account 500417 and please credit any 
excess fees to such deposit account. 



Respectfully submitted, 



McDERMOTT WILL & EMERY LLP 




Keith E. George 
Registration No. 34,1 1 1 



600 13 th Street, N.W. 
Washington, DC 20005-3096 
Phone: 202.756.8000 KEG:apr 
Facsimile: 202.756.8087 
Date: January 27, 2009 



Please recognize our Customer No. 20277 
as our correspondence address. 
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